Hackers target journalists to execute their spying operations
On Saturday, researchers following the activities of advanced persistent threat (APT) groups originating from China, North Korea, Iran, and Turkey believe that journalists and media organizations have remained a constant target for state-aligned actors.
The hackers either impersonate or attack these targets, as journalists have unique access to non-public information that could help expand a cyberespionage operation.
Proofpoint analysts have been following these activities from 2021 into 2022 and have published a report about several APT groups impersonating or targeting journalists.
According to Bleeping Computer, the China-linked threat actor known as ‘Zirconium’ (TA412) has been confirmed to target American journalists since early 2021 with emails containing trackers that sent an alert when the messages were accessed.
This technique allowed the threat actors to obtain the target’s public IP address, from which they could gather more information, such as the victim’s location and internet service provider (ISP).
By February 2022, Zirconium had resumed campaigns targeting journalists with the same tactics, concentrating mainly on those reporting on the Russia-Ukraine war.
“In April 2022, Proofpoint observed another Chinese APT group tracked as TA459 targeting reporters with RTF files that dropped a copy of the Chinoxy malware when opened. This group targeted media interested in foreign policy in Afghanistan,” a source said, as per Bleeping Computer.